public HttpResponseMessage ApproveTimesheetEntry([FromBody] TimesheetEntryDTO timesheetEntryDTO) { if (Is <TimesheetFeature> .Enabled) { TimesheetEntry timesheetEntry = db.TimesheetEntries.Find(timesheetEntryDTO.Id); if (timesheetEntry == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound)); } var email = HttpContext.Current.User.Identity.Name; UserProfile userProfile = db.UserProfiles.FirstOrDefault(usr => usr.Email == email); if (userProfile == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound)); } //Check business rules if (!timesheetEntryDTO.FinishDateTime.HasValue) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Finish time for shift must be specified")); } if (timesheetEntryDTO.FinishDateTime.Value < timesheetEntryDTO.StartDateTime) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Finish time for shift must be AFTER start time")); } if (ClaimsAuthorization.CheckAccess("Put", "BusinessId", timesheetEntry.TimeCard.BusinessLocation.Business.Id.ToString())) { timesheetEntry.Approved = true; timesheetEntry.ApprovedDateTime = WebUI.Common.Common.DateTimeNowLocal(); timesheetEntry.ApprovedBy = userProfile; timesheetEntry.StartDateTime = timesheetEntryDTO.StartDateTime; timesheetEntry.FinishDateTime = timesheetEntryDTO.FinishDateTime; try { db.Entry(timesheetEntry).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized)); } } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotImplemented)); } }
public void Put(Guid id, [FromBody] ShiftTemplateDTO shiftTemplateDTO) { if (ModelState.IsValid) { if (ClaimsAuthorization.CheckAccess("Put", "BusinessId", shiftTemplateDTO.BusinessId.ToString())) { var shiftTemplate = MapperFacade.MapperConfiguration.Map <ShiftTemplateDTO, ShiftTemplate>(shiftTemplateDTO, db.ShiftTemplates.Find(shiftTemplateDTO.Id)); //Business rules if (shiftTemplateDTO.StartTime > shiftTemplateDTO.FinishTime && !shiftTemplateDTO.FinishNextDay) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Shift start time must be before end time")); } //Role selected must be applicable to the Employee if (shiftTemplateDTO.EmployeeId != null && shiftTemplateDTO.RoleId.HasValue && db.Employees.Find(shiftTemplateDTO.EmployeeId).Roles.FirstOrDefault(r => r.Id == shiftTemplateDTO.RoleId) == null) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Employee does not have the role specified")); } if (shiftTemplateDTO.InternalLocationId.HasValue) { shiftTemplate.InternalLocation = db.InternalLocations.Find(shiftTemplateDTO.InternalLocationId); } else { db.Entry(shiftTemplate).Reference(r => r.InternalLocation).CurrentValue = null; } if (shiftTemplateDTO.RoleId.HasValue) { shiftTemplate.Role = db.Roles.Find(shiftTemplateDTO.RoleId); } else { db.Entry(shiftTemplate).Reference(r => r.Role).CurrentValue = null; } if (shiftTemplateDTO.EmployeeId.HasValue) { shiftTemplate.Employee = db.Employees.Find(shiftTemplateDTO.EmployeeId); } else { db.Entry(shiftTemplate).Reference(r => r.Employee).CurrentValue = null; } db.Entry(shiftTemplate).State = EntityState.Modified; db.SaveChanges(); } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized)); } } else { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } }
public HttpResponseMessage PutBusiness(Guid id, BusinessDetailsDTO businessDTO) { if (ClaimsAuthorization.CheckAccess("Put", "BusinessId", id.ToString())) { if (!ModelState.IsValid) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } if (id != businessDTO.Id) { return(Request.CreateResponse(HttpStatusCode.BadRequest)); } try { var business = MapperFacade.MapperConfiguration.Map <BusinessDetailsDTO, Business>(businessDTO, db.Businesses.Single(b => b.Id == id)); //Lookup BusinessType and attach, so that no updates or inserts are performed on BusinessType lookup table business.Type = db.BusinessTypes.Single(t => t.Id == businessDTO.TypeId); ////Apply any role updates or inserts //foreach (RoleDTO roleDTO in businessDTO.Roles) //{ // Role role = business.Roles.FirstOrDefault(r => r.Id == roleDTO.Id); // //If there is a role, then need to update // if (role != null) // role.Name = roleDTO.Name; // else //This is a new role being added // { // var newRole = MapperFacade.MapperConfiguration.Map<RoleDTO, Role>(roleDTO); // newRole.Id = Guid.NewGuid(); // business.Roles.Add(newRole); // } //Note: deletion of roles is not supported here //} db.Entry(business).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized)); } }
public HttpResponseMessage Put(Guid id, BusinessPreferencesDTO businessPrefDTO) { if (ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", businessPrefDTO.BusinessLocationId.ToString())) { if (!ModelState.IsValid) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } if (id != businessPrefDTO.Id) { return(Request.CreateResponse(HttpStatusCode.BadRequest)); } try { var businessPreferences = MapperFacade.MapperConfiguration.Map <BusinessPreferencesDTO, BusinessPreferences>(businessPrefDTO, db.BusinessPreferences.Find(businessPrefDTO.Id)); db.Entry(businessPreferences).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized)); } }
// PUT api/BusinessTypeAPI/5 public HttpResponseMessage PutBusinessType(int id, BusinessType businesstype) { if (!ModelState.IsValid) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } if (id != businesstype.Id) { return(Request.CreateResponse(HttpStatusCode.BadRequest)); } db.Entry(businesstype).State = EntityState.Modified; try { db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); }
public HttpResponseMessage PutShift(Guid id, ShiftDTO shiftDTO) { var businessLocId = db.Shifts.Find(id).Roster.BusinessLocation.Id; if (ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", businessLocId.ToString())) { if (!ModelState.IsValid) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } if (id != shiftDTO.Id) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Id provided does not match object.")); } try { var shift = MapperFacade.MapperConfiguration.Map <ShiftDTO, Shift>(shiftDTO, db.Shifts.Single(s => s.Id == id)); //If an already published shift is being edited need to send notifications for any changes to employee as a cancel notification if (shift.IsPublished) { //Notify employee that the shift is being taken from as a cancellation if (shift.Employee != null && shift.Employee.UserProfile != null && shift.Employee.Id != shiftDTO.EmployeeId) { MessagingService.ShiftCancelled(shift.Employee.UserProfile.Email, shift.Employee.UserProfile.FirstName, shift.InternalLocation.BusinessLocation.Name, shift.StartTime, shift.FinishTime); } } //If the employee assigned to the shift has changed, need to notify them that they have a shift broadcast var employeeAdded = (shiftDTO.EmployeeId != null && (shift.Employee == null || shift.Employee.Id != shiftDTO.EmployeeId)); shift.Employee = db.Employees.Find(shiftDTO.EmployeeId); //Notify the employee they have been added to a published shift if (shift.IsPublished && employeeAdded && shift.Employee.UserProfile != null) { MessagingService.ShiftBroadcast(shift.Employee.UserProfile.Email, shift.Employee.UserProfile.FirstName); } shift.InternalLocation = db.InternalLocations.Find(shiftDTO.InternalLocationId); shift.Role = db.Roles.Find(shiftDTO.RoleId); db.Entry(shift).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized)); } }
public void AddTokenDetails([FromBody] PaymentDetailsDTO paymentDetailsDTO) { if (Is <PaymentFeature> .Enabled) { var employee = db.Employees.Find(paymentDetailsDTO.EmployeeID); if (employee != null) { if (ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employee.BusinessLocation.Id.ToString())) { var paymentdetails = new PaymentDetails { Id = Guid.NewGuid() }; if (employee.PaymentDetails != null) { paymentdetails = employee.PaymentDetails; } paymentdetails.TokenCustomerID = paymentDetailsDTO.TokenCustomerID; paymentdetails.BusinessLocation = employee.BusinessLocation; paymentdetails.CreatedDate = WebUI.Common.Common.DateTimeNowLocal(); //If there is another payment detail from a different employee then delete if (employee.BusinessLocation.PaymentDetails != null && employee.BusinessLocation.PaymentDetails.Employee.Id != employee.Id) { //employee.BusinessLocation.PaymentDetails. db.Entry(employee.BusinessLocation.PaymentDetails).State = EntityState.Deleted; } employee.PaymentDetails = paymentdetails; db.SaveChanges(); } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized)); } } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound)); } } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotImplemented)); } }
// PUT api/calendarapi/5 public HttpResponseMessage Put(int id, [FromBody] ScheduleDTO scheduleDTO) { if (ModelState.IsValid) //&& scheduleDTO.EndDate > calendarEventDTO.StartTime) //Ensure entry is a valid start date and finish date { var schedule = db.Schedules.Find(scheduleDTO.Id); if (schedule == null) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Unable to find schedule with given id")); } //Ensure only supported types created. if (scheduleDTO.Frequency != 0 && scheduleDTO.Frequency != 1 && scheduleDTO.Frequency != 2) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Frequency not supported. Must be once off (0), Daily (1) or Weekly(2)")); } if (schedule.UserProfile.Email != User.Identity.Name) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You are not authorised to access this schedule")); } try { var scheduleMOD = MapperFacade.MapperConfiguration.Map <ScheduleDTO, Schedule>(scheduleDTO, schedule); db.Entry(scheduleMOD).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); } else { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } }
public HttpResponseMessage Put(Guid id, UserPreferencesDTO usrPrefDTO) { var email = HttpContext.Current.User.Identity.Name; UserProfile usrProfile = db.UserProfiles.FirstOrDefault(usr => usr.Email == email && usr.Id == id); if (usrProfile != null) { if (!ModelState.IsValid) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } try { var userPreferences = db.UserPreferences.Find(usrPrefDTO.Id); //If NULL, then retain any existing image data as no overrite is occurring (we don't pass back the whole image each time) //This is a bit of a hack, best solution is to seperate out any uploaded documents as per this page (http://www.codeproject.com/Articles/658522/Storing-Images-in-SQL-Server-using-EF-and-ASP-NET) if (usrPrefDTO.ImageData == null) { usrPrefDTO.ImageData = userPreferences.ImageData; usrPrefDTO.ImageType = userPreferences.ImageType; } userPreferences = MapperFacade.MapperConfiguration.Map <UserPreferencesDTO, UserPreferences>(usrPrefDTO, userPreferences); db.Entry(userPreferences).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized)); } }
public HttpResponseMessage PutConfirmToken(string id) { if (db.security_Membership.SingleOrDefault(m => m.ConfirmationToken == id) == null) { return(Request.CreateErrorResponse(HttpStatusCode.Conflict, "Cofirmation token does not exist")); } else { var secMembership = db.security_Membership.Single(m => m.ConfirmationToken == id); //Remove token and set IsConfrimed to true secMembership.ConfirmationToken = null; secMembership.IsConfirmed = true; db.Entry(secMembership).State = EntityState.Modified; db.SaveChanges(); } //Update account to be confirmed return(Request.CreateResponse(HttpStatusCode.OK)); }
// PUT api/calendarapi/5 public HttpResponseMessage Put(Guid id, [FromBody] CalendarEventDTO calendarEventDTO) { if (ModelState.IsValid && calendarEventDTO.FinishTime > calendarEventDTO.StartTime) //Ensure entry is a valid start date and finish date { var calendarEvent = db.CalendarEvents.Find(calendarEventDTO.Id); if (calendarEvent == null) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Unable to find calendar event with given id")); } if (calendarEvent.UserProfile.Email != User.Identity.Name) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You are not authorised to access this calendar event")); } try { var calendarEventMOD = Mapper.Map <CalendarEventDTO, CalendarEvent>(calendarEventDTO, calendarEvent); db.Entry(calendarEventMOD).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); } else { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } }
// PUT api/<controller>/5 public void Put(Guid id, [FromBody] ShiftBlockDTO shiftBlockDTO) { if (Is <ShiftBlockFeature> .Enabled) { if (ModelState.IsValid) { if (ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", shiftBlockDTO.BusinessLocationId.ToString())) { var shiftBlock = MapperFacade.MapperConfiguration.Map <ShiftBlockDTO, ShiftBlock>(shiftBlockDTO, db.ShiftBlocks.Single(st => st.Id == id)); //Business rules if (shiftBlockDTO.StartTime > shiftBlockDTO.FinishTime && !shiftBlockDTO.FinishNextDay) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "ShiftBlock start time must be before end time")); } shiftBlock.Role = db.Roles.Find(shiftBlockDTO.RoleId); db.Entry(shiftBlock).State = EntityState.Modified; db.SaveChanges(); } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized)); } } else { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } } else { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotImplemented)); } }
// PUT api/EmployeeAPI/5 public HttpResponseMessage PutEmployee(Guid id, EmployeeDTO employeeDTO) { if (!ModelState.IsValid) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } if (id != employeeDTO.Id) { return(Request.CreateResponse(HttpStatusCode.BadRequest)); } if (employeeDTO.Roles != null && employeeDTO.Roles.Count > 5) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.ExpectationFailed, "Maximimum of 5 roles only can be added")); } try { bool sendEmailNotification = false; var employee = db.Employees.Find(id); if (!ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employee.BusinessLocation.Id.ToString())) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You do not have appropriate permission")); } //Do not allow modification of email addresses which are linked to userprofiles already if (employee.UserProfile != null && employeeDTO.Email != employee.Email) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "You can not modify email address for an employee which is linked to a registered user")); } //If the email address is being updated then send notification to new address if (employee.Email != employeeDTO.Email && !String.IsNullOrEmpty(employeeDTO.Email)) { sendEmailNotification = true; } //Map the updates across to original object employee = MapperFacade.MapperConfiguration.Map <EmployeeDTO, Employee>(employeeDTO, employee); //Check to see if there is already an employee with this same email address registered for the business location. var employeeExistingEmail = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.Email) && emp.Email == employee.Email && emp.Id != employee.Id && emp.BusinessLocation.Id == employee.BusinessLocation.Id); if (employeeExistingEmail != null) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this email address already exists for this business")); } //Lookup BusinessLocation and attach, so that no updates or inserts are performed on BusinessType lookup table var busLoc = db.BusinessLocations.Single(b => b.Id == employeeDTO.BusinessLocationId); employee.BusinessLocation = busLoc; if (employee.IsAdmin) { employee.ManagerBusinessLocations.Add(busLoc); } else { //if not admin but currently linked if (employee.ManagerBusinessLocations.Contains(busLoc)) { employee.ManagerBusinessLocations.Remove(busLoc); } } //Hook up any roles selected employee.Roles.Clear(); //Clear first so we can hook up correct DB items if (employeeDTO.Roles != null) { foreach (RoleDTO roleDTO in employeeDTO.Roles) { Role role = db.Roles.FirstOrDefault(r => r.Id == roleDTO.Id); if (role == null) { return(Request.CreateResponse(HttpStatusCode.NotFound)); } employee.Roles.Add(role); } } //If user email has been updated then send notification and request if (sendEmailNotification) { //Remove any old employee requests if (employee.EmployeeRequest != null) { db.Entry(employee.EmployeeRequest).State = EntityState.Deleted; } //Create an entry in the EMployeeRequest table EmployeeRequest empRequest = new EmployeeRequest() { Id = Guid.NewGuid(), CreatedDate = WebUI.Common.Common.DateTimeNowLocal(), Status = RequestStatus.Pending, BusinessLocation = employee.BusinessLocation }; employee.EmployeeRequest = empRequest; //If an existing user profile exists with matching email address if (db.UserProfiles.Any(usr => usr.Email == employee.Email)) { //Send user email notifying them that a business has registered their email and they need to approve to link MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, true, employee.Email, employee.MobilePhone); } else //Send email notifying them that they have been registered with a business and invite to register an account { MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, false, employee.Email, employee.MobilePhone); } } db.Entry(employee).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); }